Re: [openpgp] v5 interoperability

Andrew Gallagher <andrewg@andrewg.com> Mon, 15 April 2024 10:32 UTC

From: Andrew Gallagher <andrewg@andrewg.com>
In-Reply-To: <87seznkp0z.fsf@jacob.g10code.de>
Date: Mon, 15 Apr 2024 11:31:35 +0100
Cc: Kai Engert <kaie@kuix.de>, IETF OpenPGP WG <openpgp@ietf.org>
Message-Id: <35A8584A-B5B3-4926-AA1D-4095316114C0@andrewg.com>
References: <87y19fkuwd.fsf@jacob.g10code.de> <653C4C54-3025-4A08-8518-D08E3246D80B@andrewg.com> <87seznkp0z.fsf@jacob.g10code.de>
To: Werner Koch <wk@gnupg.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/89q37a91073NQcCWxEJqek44Gf8>
Subject: Re: [openpgp] v5 interoperability

On 15 Apr 2024, at 09:29, Werner Koch <wk@gnupg.org> wrote:
> 
> On Mon, 15 Apr 2024 09:06, Andrew Gallagher said:
> 
>> OK, so graceful upgrade is done by adding a v5 Kyber subkey to an
>> existing v4 primary?
> 
> Sure, that is a tested migration path.

OK, but does this then mean that v5 PQC encryption subkeys are merely the preferred method, or that they are the only method you would support? I.e., will GnuPG reject v4 PQC keys if they turn up?

A